NSS and PAM
Dag-ErlingSmørgrav
des at des.no
Thu Dec 4 16:00:47 PST 2003
Jacques Vidrine <nectar at freebsd.org> writes:
> Applications that use PAM to change the password when the password
> expires seem to work out OK.
This works because each backend knows whether or not the password
needs changing (there is a flag to tell the module to only ask for a
new password if the current password has expired). When you are
purposedly changing your password before it expires, things are a
little less clear.
Things might be easier if NSS had a proper API which included entry
points for storing and updating user information (and not just for
retrieving). Then pam_unix wouldn't need to know anything about
/etc/spwd.db or NIS; it would just retrieve the information from NSS,
note that the password had expired, ask the user for a new password
and tell NSS to store it.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-current
mailing list